Migrate from local LDAP authentication to Azure Active Directory

Hi,

I’ve followed the documentation described on Tutorial: Azure AD SSO integration with SonarQube - Microsoft Entra | Microsoft Docs to create an integration between SonarQube and Azure Active Directory.

We are currently using SonarQube Community Edition Version 8.9.6 (build 50800), running on a Windows VM on-premises.

After creating the Azure Active Directory Enterprise Application, I’ve configured the SonarQube instance with the proper configuration.

After enabling this functionality, the additional login button is visible on the SonarQube login page and this brings me to Azure Active Directory for authentication.

To validate the SSO functionality, I decided to first use the SonarQube API to set the External Identity Provider & External Identity to “move” my LDAP account to a SAML account.

API call

api/users/update_identity_provider?login=$login&newExternalProvider=saml&newExternalIdentity=$newExternalIdentity

After successful authentication on Azure Active Directory, I’m getting the following error on SonarQube:

You’re not authorized to access this page. Please contact the administrator.

Reason: This account is already associated with another authentication method. Sign in using the current authentication method, or contact your administrator to transfer your account to a different authentication method.

Viewing the logs tells me the following:

2022.09.16 16:18:22 DEBUG web[AYNCBqtk+JFfhiKHABG0][auth.event] login failure [cause|Email ‘username@domain’ is already used][method|OAUTH2][provider|EXTERNAL|saml][IP|10.16.68.82|][login|username@domain]

Retrieving my user account via REST API shows me the correct information

externalIdentity : username@domain
externalProvider : saml

Any ideas what I did wrong? I am using SAML, as defined the same on my user, and why does it mention another authentication method?
I’m now unable to authenticate with my user via LDAP nor via Azure Active Directory.

Best regards,
Jens
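
An added example, not part of the original post and not SonarQube code: a small parser for `auth.event` login-failure lines in the format quoted above. It groups failures by login, provider and the `cause` field, which here points at an e-mail collision rather than at the provider named in the on-screen message. The sample lines are constructed from the one in the post, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample, modelled on the log line quoted in the post.
SAMPLE_LOG = """\
2022.09.16 16:18:22 DEBUG web[CONSTRUCTED0001][auth.event] login failure [cause|Email 'username@domain' is already used][method|OAUTH2][provider|EXTERNAL|saml][IP|10.16.68.82|][login|username@domain]
2022.09.16 16:19:03 DEBUG web[CONSTRUCTED0002][auth.event] login failure [cause|Email 'username@domain' is already used][method|OAUTH2][provider|EXTERNAL|saml][IP|10.16.68.82|][login|username@domain]
2022.09.16 16:20:41 INFO  web[CONSTRUCTED0003][o.s.s.p.Platform] unrelated line
"""

# Timestamp, level, web[request id][auth.event], then the bracketed fields.
HEADER = re.compile(
    r"^(?P<ts>\S+ \S+)\s+\w+\s+web\[[^\]]*\]\[auth\.event\] login failure (?P<fields>.*)$"
)
# One [key|value|value...] group; assumes values contain no ']'.
FIELD = re.compile(r"\[([^\]|]+)\|([^\]]*)\]")


def parse_login_failure(line):
    """Return a dict of fields for an auth.event login failure, else None."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    event = {"timestamp": m.group("ts")}
    for key, rest in FIELD.findall(m.group("fields")):
        # Fields such as [IP|10.16.68.82|] carry empty trailing parts; drop them.
        event[key] = tuple(p for p in rest.split("|") if p)
    return event


def summarise_failures(log_text):
    """Count failures per (login, provider, cause) across a log excerpt."""
    counts = Counter()
    for line in log_text.splitlines():
        event = parse_login_failure(line)
        if event is None:
            continue
        login = "".join(event.get("login", ()))
        provider = "/".join(event.get("provider", ()))
        cause = " ".join(event.get("cause", ()))
        counts[(login, provider, cause)] += 1
    return counts


if __name__ == "__main__":
    for (login, provider, cause), n in summarise_failures(SAMPLE_LOG).items():
        print(f"{n}x {login} via {provider}: {cause}")
```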

Hey @JensBruggeman ,

Welcome to the community!

Do you mind sharing a DB row from the users table for that user? (Of course, please anonymize any email data.)